Middlebox flow traversal registration.

Background 

Technical Background/Existing Technology 

The TCP/IP protocol suite has two separate signalling layers, one at the session layer and one at the IP layer. An example of a session layer signalling protocol is SIP. An example of an IP layer signalling protocol is RSVP. To set up a session with reserved resources, signalling at both layers is needed. The signalling at the session layer may follow a different path than the user data, whereas the IP layer signalling follows the same path as the user data. This is illustrated in Figure 1. In this case the control functions for a specific IP flow are distributed among the nodes (middleboxes and routers) along the path of the flow.

MB: Middlebox or router
Figure 1. Common path for IP layer signalling and user data flow.

In multi-access scenarios with multiple radio hops and requirements on session continuity in complex handover situations, an IP layer signalling protocol can be used to transfer control messages to middleboxes such as network address translators, firewalls, etc. to ascertain that a user data IP flow is processed correctly. This aspect of IP layer signalling is addressed by the IETF NSIS working group [nsis].

There is also a need to coordinate the resource utilization and the 
configuration of firewalls and other types of middleboxes. For
coordination purposes, the use of a centralized control entity is 
favourable. The definition of such an entity, called a Midcom 
Agent, is addressed by the IETF Midcom working group [midcom]. 



The Go interface described in [23.207] allows the Policy Decision Function (PDF) to apply policy to the bearer usage in the GGSN [RFC 2748]. Requests for policy decisions are sent by the GGSN over the Go interface to the PDF, for example "Is it OK for IP flow X to use 100 kbps of bandwidth?". The PDF responds with a policy decision, e.g. "not OK". There is a client-server relation over the Go interface between the GGSN and the PDF.

On the other hand, in the proposal below, there is a master-slave relation between the Midcom Agent and the flow specific state machine in a middlebox. The master-slave relation is used to allow the Midcom Agent to exercise control of the flow specific state machine in the middleboxes. One of the ideas in this ID is a registration procedure, where the slave registers with the master. Some overlap exists with the authorization and identification procedure over the Go interface, see section 6.1.3 of [23.207].

Problems with existing solutions 

When using a Midcom Agent, the signalling messages for a specific session do not necessarily traverse the same routers and middleboxes as the user data flow of the session. The control plane must therefore determine which routers and middleboxes a specific IP flow traverses so that it can direct control messages related to this flow to these nodes. The existing solutions handle policy control, or control of firewalls and address translators, but do not fully address the objective of the idea described below, that is, to establish communication for general purpose connection control between Midcom Agents and middleboxes.

The use of two separate signalling protocols to set up a session 
introduces unnecessary complexity and is a waste of bandwidth, 
especially over radio interfaces. 

Basic Concept 

The Midcom Agent determines which routers and middleboxes a specific IP flow traverses by receiving a specific flow registration message that is sent from each of the nodes that the user data IP flow traverses. The control plane can thereby direct control messages related to the user data IP flow to the middleboxes and routers along the path that the flow traverses. This is illustrated in Figure 2.

Figure 2. Flow registration signalling according to the invention.

By decoupling the IP layer signalling path from the user data path, 
it is possible to co-locate the IP layer control nodes with the 
session layer control nodes. The information elements carried by 
the IP layer signalling mechanism can then be moved to the 
session layer signalling mechanism. This means that the session 
layer signalling mechanism handles the tasks of the IP layer 
signalling mechanism, and the latter is then not needed. This is illustrated in Figure 3.

Figure 3. Using session layer signalling also for IP layer signalling.



Detailed description



Detailed Technical Description of the Invention 

The basic idea of the invention is illustrated in Figure 4. The Midcom Agent handles the control functions for the flow. Those functions are related to resource control, firewalls, network address translators, etc. The control functions are performed according to the session parameters for bandwidth and QoS that are negotiated using the session layer signalling protocol. The flow identity is also determined during the session signalling (step 1 in the figure). The flow identity can for example be defined by the source and destination IP addresses and port numbers plus the protocol identity in the IP header.

In a multi-access scenario, a node such as a router or a middlebox may enter into the path of a user data flow during a session as a consequence of user movement. For example, during a session the user may enter a train with a local network and a local firewall. In such cases a registration procedure will be needed to continuously update the control plane about the nodes that are present along the path of a flow, and their functional capabilities.

Using a standard agent discovery procedure, the node finds the address of the Midcom Agent (step 2 in the figure). The node then registers its identity and functional capabilities with the Midcom Agent (step 3 in the figure). When the node detects an IP flow it sends a registration message for the flow to the Midcom Agent (step 4 in the figure).

The registration message contains a flow identity and a node address. The flow identity is also used in the session layer signalling, and the session layer control plane can match the flow identity in the session signalling with the flow identity in the flow registration message. The session layer control plane will then be able to send control messages to the routers and middleboxes along the path of the IP flow to ascertain that the flow is processed correctly (step 5 in the figure). In a mobile multi-access scenario, some of these nodes may enter or leave the path of the flow during the lifetime of a session.

Figure 4. Example of registration of flows traversing middleboxes.

The procedure is described in more detail in the flow diagram in Figure 5.

Figure 5. Flow diagram for the IP flow registration procedure.
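As an added illustration, not part of this disclosure and not code from any Ericsson implementation, the following Python model shows the Midcom Agent side of the Basic Concept and of steps 1 and 3 to 5 above: node registration with address NA and functions NF, flow registration with FID and NA, matching of the session-layer FID against the registered FID, derivation of one control message per node, and removal of a node that leaves the path. The class and method names, the function labels "firewall" and "resource", the bandwidth parameter and the rule that a flow registration from a node that has not completed step 3 is dropped are assumptions of the example.

```python
from collections import namedtuple

# FID: source/destination IP addresses, port numbers and protocol from the IP header.
FlowId = namedtuple("FlowId", "src dst sport dport proto")

class MidcomAgent:
    def __init__(self):
        self.nodes = {}     # NA -> set of NF, filled by node registration (step 3)
        self.sessions = {}  # FID -> session parameters from session signalling (step 1)
        self.paths = {}     # FID -> list of NA, filled by flow registration (step 4)

    def register_node(self, na, nf):
        """Step 3: a node registers its address NA and functional capabilities NF."""
        self.nodes[na] = set(nf)

    def set_session_flow(self, fid, params):
        """Step 1: FID and bandwidth/QoS parameters learned from session signalling."""
        self.sessions[fid] = dict(params)

    def register_flow(self, fid, na):
        """Step 4: flow registration message (FID, NA). Assumed check: a node that
        has not completed step 3 cannot claim to be on the path of a flow."""
        if na not in self.nodes:
            return False
        path = self.paths.setdefault(fid, [])
        if na not in path:
            path.append(na)
        return True

    def deregister_flow(self, fid, na):
        """A node leaving the path (e.g. after handover) is removed from the flow."""
        if na in self.paths.get(fid, []):
            self.paths[fid].remove(na)
            return True
        return False

    def control_messages(self, fid):
        """Step 5: match the session-layer FID with the registered FID and build one
        control message per node, selected by that node's functions NF."""
        if fid not in self.sessions or fid not in self.paths:
            return []
        params, msgs = self.sessions[fid], []
        for na in self.paths[fid]:
            msg = {"na": na}
            if "firewall" in self.nodes[na]:
                msg["firewall"] = ("permit", fid)
            if "resource" in self.nodes[na]:
                msg["reserve_kbps"] = params["bandwidth_kbps"]
            msgs.append(msg)
        return msgs
```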



Advantages of the Invention

The invention allows for decoupling of IP signalling from the user data path. This facilitates centralization and coordination of
connection control functions over a multi-access network. 
Moreover, it facilitates merging of session layer and IP layer 
signalling protocols into one protocol, which reduces complexity 
and signalling overhead. 

Abbreviations 



OF ID Control process for flow with identity FID

FID Flow Identity 

MA Midcom Agent 

MB Middlebox 

Midcom Middlebox Communication 

NA Node Address 

NF Node Functions 

NSIS Next Steps in Signalling 



References

[RFC 2748] The COPS (Common Open Policy Service) Protocol,
http://www.ietf.cnri.reston.va.us/rfc/rfc2748.txt

[nsis] IETF NSIS working group

[midcom] IETF Midcom working group

[23.207] 3GPP specification 23.207: End-to-end QoS Concepts and Architecture, rev. 5.8.0,
http://www.3gpp.org/ftp/Specs/html-info/23207.htm



Application Data Sheet

Application Information

Application Type: Provisional
Subject Matter: Utility
Title: MIDDLEBOX FLOW TRAVERSAL REGISTRATION
Attorney Docket Number: 1510-1077
Remaining fields of the sheet (Suggested Classification, Suggested Group Art Unit, CD-ROM or CD-R?, Number of CD disks, Number of Copies of CDs, Sequence Submission?, Computer Readable Form (CRF), Number of copies of CRF, Request for Early Publication?, Request for Non-Publication?, Suggested Drawing Figure, Total Drawing Sheets, Small Entity?, Latin Name, Variety Denomination Name, Petition Included?, Petition Type, Licensed US Gov't Agency, Contract or Grant Numbers, Secrecy Order in Parent Appl.?), values as extracted, in order: None, None, No, 0, No, No, 3, No, No, No.

Applicant Information

Applicant 1
Applicant Authority Type: Inventor
Primary Citizenship Country: HUNGARY
Status: Full Capacity
Given Name: GABOR
Family Name: FODOR
City of Residence: HASSELBY
Country of Residence: SWEDEN
Street of Mailing Address: ASTRAKANGATAN 124
City of Mailing Address: HASSELBY
Country of Mailing Address: SWEDEN
Postal or Zip Code of Mailing Address: SE-165 52

Applicant 2
Applicant Authority Type: Inventor
Primary Citizenship Country: SWEDEN
Status: Full Capacity
Given Name: ANDERS
Family Name: ERIKSSON
City of Residence: KISTA
Country of Residence: SWEDEN
Street of Mailing Address: DOVREGATAN 12
City of Mailing Address: KISTA
Country of Mailing Address: SWEDEN
Postal or Zip Code of Mailing Address: SE-164 36

Correspondence Information

Correspondence Customer Number: 000466

Representative Information

Representative Customer Number: 000466

Domestic Priority Information

Application, Continuity Type, Parent Application, Parent Filing Date: none given

Foreign Priority Information

Country, Application Number, Filing Date, Priority Claimed: none given

Assignment Information

Assignee Name, Street of Mailing Address, City of Mailing Address, State or Province of Mailing Address, Country of Mailing Address, Postal or Zip Code of Mailing Address: none given

Initial 12/22/03